Istio Not Working With Proxy Enabled

What happened: Workloads do not run when Istio is installed in a proxy environment with error

Warning  FailedCreate  4m1s (x17 over 9m29s)  replicaset-controller  Error creating: Internal error occurred: failed calling admission webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: Unable to connect

What you expected to happen: Being able to run workload with Istio in proxy env's.

How to reproduce it (as minimally and precisely as possible):

Have a vSphere proxy env't.
Install Istio: curl -L https://git.io/getLatestIstio | sh - cd istio-1.0.5 export PATH=$PWD/bin:$PATH
Install CRD: kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
Install Istio: kubectl apply -f install/kubernetes/istio-demo-auth.yaml
Deploy a sample workload with automatic sidecar injection: kubectl create namespace test kubectl label namespace test istio-injection=enabled kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -n test

Deployments are not running.

When running kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml you get the error message.

Anything else we need to know?:

Environment: proxy

Deployment Info (bosh -d <deployment> deployment):
Environment Info (bosh -e <environment> environment):
Kubernetes version (kubectl version):
Cloud provider (e.g. aws, gcp, vsphere): vsphere

We have added .svc,.svc.cluster.local,.svc.cluster to no_proxy settings on kube-controller-manager and kube-apiserver which solved the issue. After that the sample app was up and running.

We believe that these values should be added into default no_proxy configuration, or the proxied components should be selected by the operator so as to keep some components without proxy at all.

cloudfoundry-incubator / kubo-release

Istio Not Working With Proxy Enabled #289